FINAL // FOR OFFICIAL USE ONLY. William Noonan

Transcription

1 FINAL // FOR OFFICIAL USE ONLY William Noonan Deputy Special Agent in Charge United States Secret Service Criminal Investigative Division Cyber Operations Branch Prepared Testimony Before the United States Senate Committee on Banking, Housing, and Urban Affairs December 10, 2014

2 Good morning Chairman Johnson, Ranking Member Crapo, and distinguished Members of the Committee. Thank you for the opportunity to testify on the ongoing challenge of cyber crime impacting our Nation s financial system. The U.S. Secret Service (Secret Service) has decades of experience investigating large-scale criminal cyber intrusions, in addition to other crimes that impact our Nation s financial payment systems. Based on this investigative experience, I hope to provide this Committee insight into the continued trend of transnational cyber criminals targeting our Nation s financial system for their illicit gain. The Role of the Secret Service The Secret Service was founded in 1865 to protect the U.S. financial system from the counterfeiting of our national currency. As the Nation s financial system evolved from paper to plastic to electronic transactions, so too has the Secret Service s investigative mission. Today, our modern financial system depends heavily on information technology for convenience and efficiency. Accordingly, criminals have adapted their methods and are increasingly using cyberspace to exploit our Nation s financial payment system by engaging in fraud and other illicit activities. This is not a new trend; criminals have been committing cyber enabled financial crimes since at least Congress established 18 USC as part of the Comprehensive Crime Control Act of and explicitly assigned the Secret Service authority to investigate these criminal violations. 3 These statutes first established as specific Federal crimes unauthorized access to computers 4 and the fraudulent use, or trafficking of, access devices 5 defined as any piece of information or tangible item that is a means of account access that can be used to obtain money, goods, services, or other thing of value. 6 Secret Service investigations have resulted in the arrest and successful prosecution of cyber criminals involved in the largest known data breaches, including those of TJ Maxx, Dave & Buster s, Heartland Payment Systems, and others. Over the past five years Secret Service cyber crime investigations have resulted in over 5,940 arrests, associated with approximately $1.53 billion in fraud losses and the prevention of over $11.71 billion in potential fraud losses. Through our work with our partners at the U.S. Department of Justice (DOJ), in particular local U.S. Attorney s Offices, the Computer Crime and Intellectual Property Section (CCIPS), the International Organized Crime Intelligence and Operations Center (IOC-2), the Federal Bureau of Investigations (FBI) and others, we will continue to bring major cyber criminals to justice. 1 Beginning in 1970, and over the course of three years, the chief teller at the Park Avenue branch of New York s Union Dime Savings Bank manipulated the account information on the bank s computer system to embezzle over $1.5 million from hundreds of customer accounts. This early example of cyber crime not only illustrates the long history of cyber crime, but the difficulty companies have in identifying and stopping cyber criminals in a timely manner a trend that continues today. 2 Pub. L , 1602(a) and 2102(a), 98 Stat. 1837, 2183 and U.S.C. 1029(d) & 1030(d)(1) 4 18 U.S.C U.S.C U.S.C. 1029(e)(1) 1

3 The Transnational Cyber Crime Threat Advances in computer technology and greater access to personally identifiable information (PII) via the Internet have created online marketplaces for transnational cyber criminals to share stolen information and criminal methodologies. As a result, the Secret Service has observed a marked increase in the quality, quantity, and complexity of cyber crimes targeting private industry and critical infrastructure. These crimes include network intrusions, hacking attacks, malicious software, and account takeovers leading to significant data breaches affecting every sector of the world economy. The recently reported payment card data breaches are examples of the decadelong trend of major data breaches perpetrated by transnational cyber criminals who are intent on targeting our Nation s financial payment system for their illicit gain. The growing collaboration amongst cyber-criminals allows them to compartmentalize their operations, greatly increasing the sophistication of their criminal endeavors as they develop expert specialization. These specialties raise both the complexity of investigating these cases, as well as the level of potential harm to companies and individuals. For example, illicit underground cyber crime marketplaces allow criminals to buy, sell, and trade malicious software, access to sensitive networks, spamming services, payment card data, PII, bank account information, brokerage account information, hacking services, and counterfeit identity documents. These illicit digital marketplaces vary in size, with some of the more popular sites boasting membership of approximately 80,000 users. These digital marketplaces often use various digital currencies, and cyber criminals have made extensive use of digital currencies to pay for criminal goods and services or launder illicit proceeds. Secret Service Strategy for Combating this Threat The Secret Service proactively investigates cyber crime using a variety of investigative means to infiltrate these transnational cyber criminal groups. As a result of these proactive investigations, the Secret Service is often the first to learn of planned or ongoing data breaches and is quick to notify financial institutions and the victim companies with actionable information to mitigate the damage from the data breach and terminate the criminal s unauthorized access to their networks. One of the most poorly understood facts regarding data breaches is that it is rarely the victim company that first discovers the criminal s unauthorized access to their network; rather it is law enforcement, financial institutions, or other third parties that identify and notify the likely victim company of the data breach. A trusted relationship with the victim is essential for confirming the crime, remediating the situation, beginning a criminal investigation, and collecting evidence. The Secret Service s growing global network of 37 Electronic Crimes Task Forces (ECTF), located within our field offices, are essential for building and maintaining these trusted relationships, along with the Secret Service s commitment to protecting victim privacy. The Secret Service routinely discovers data breaches through our proactive investigations and notifies victim companies with actionable information. For example, as a result of information discovered this year through just one of our ongoing cyber crime investigations, the Secret Service notified hundreds of U.S. entities of cyber criminal activity targeting their organizations. 2

4 Additionally, as the Secret Service investigates cyber crime, we discover current criminal methods and share this cybersecurity information broadly to enable other organizations to secure their networks. The Secret Service does this through contributing to leading industry annual reports such as the Verizon Data Breach Investigations Report and the Trustwave Global Security Report, and through more immediate reports, including joint Malware Initial Findings Reports (MIFRs). This year, UPS Stores Inc. used information published in a joint report by the Secret Service, National Cybersecurity and Communications Integration Center, United States Computer Emergency Readiness Team (NCCIC/US-CERT), and the Financial Services Information Sharing and Analysis Center (FS-ISAC) on the Back-Off malware to protect itself and its customers from cyber criminal activity. 7 The information in this report was derived from a Secret Service investigation of a network intrusion at a small retailer in Syracuse, New York. The Secret Service publically shared actionable cybersecurity information derived from this investigation to help numerous other organizations while still safeguarding sensitive information. As a result, UPS Stores, Inc. was able to identify 51 stores in 24 states that had been impacted, and then were able to contain and mitigate this cyber incident before it developed into a major data breach. 8 As we share cybersecurity information discovered in the course of our criminal investigation, we also continue our investigation in order to apprehend and bring to justice those involved. Due to the inherent challenges in investigating transnational crime, particularly the lack of cooperation of some countries with law enforcement investigations, it can take years to finally apprehend the top tier criminals responsible. For example, even after a 2011 indictment, Secret Service agents were not able to arrest Roman Seleznev of Vladivostok, Russia, in an international law enforcement operation until just recently. Mr. Seleznev has been charged in Seattle in a 40-count superseding indictment for allegedly being involved in the theft and sale of financial information of millions of customers. Seleznev is also charged in a separate indictment with participating in a racketeer influenced corrupt organization (RICO) and conspiracy related to possession of counterfeit and unauthorized access devices. 9 This investigation was lead by the Secret Service s Seattle Electronic Crimes Task Force. In another case, the Secret Service, as part of a joint investigation with U.S. Immigration and Customs Enforcement s Homeland Security Investigations (HSI) and the Global Illicit Financial Team, hosted by IRS-Criminal Investigations, shut down the digital currency provider Liberty Reserve, which was allegedly widely used by criminals worldwide to store, transfer, and launder the proceeds of a variety of illicit activities. Liberty Reserve had more than one million users, who conducted approximately 55 million transactions through its system totaling more than $6 billion in funds. The alleged founder of Liberty Reserve, Arthur Budovsky, was recently extradited from Spain to the United States. Mr. Budovsky is among seven individuals charged in the indictment. Four co-defendants Vladimir Kats, Azzeddine el Amine, Mark Marmilev, and Maxim Chukharev have pleaded guilty and await sentencing. Charges against Liberty Reserve 7 See 8 See UPS Store s press release available at 9 See 3

5 and two individual defendants, who have not been apprehended, remain pending. This investigation was lead by the Secret Service s New York Electronic Crimes Task Force. Legislative Action to Combat Data Breaches While there is no single solution to prevent data breaches of U.S. customer information, legislative action could help to improve the Nation s cybersecurity, reduce regulatory costs on U.S. companies, and strengthen law enforcement s ability to conduct effective investigations. The Administration has proposed various pieces of cybersecurity legislation, including law enforcement provisions related to computer security, and continues to urge Congress to pass legislation that will strengthen government and private sector cybersecurity capabilities. In particular, we urge Congress to act on legislation that will allow us to keep pace with the rapidlyevolving threats of cyber crime. 10 Conclusion The Secret Service is committed to continuing to safeguard the Nation s financial payment systems by defeating cyber criminal organizations. Responding to the growth in these types of crimes, and the level of sophistication these criminals employ, requires significant resources and substantial collaboration among law enforcement and its public and private sector partners. Accordingly, the Secret Service dedicates significant resources to improving investigative techniques, providing training for law enforcement partners, and sharing information on cyber threats. The Secret Service will continue to coordinate and collaborate with other government agencies and the private sector as we develop new methods to combating cyber crime. Thank you for your continued commitment to protecting our Nation s financial system from cyber crime. 10 This proposal is available at: 4

Edward Lowery III Special Agent in Charge Criminal Investigative Division, U.S. Secret Service Prepared Testimony Before the United States Senate Committee on Homeland Security and Governmental Affairs

STATEMENT OF MYTHILI RAMAN ACTING ASSISTANT ATTORNEY GENERAL CRIMINAL DIVISION U.S. DEPARTMENT OF JUSTICE BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE FOR A HEARING

Prepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc. Before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the House Committee on

Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE Identity is the unique set of characteristics that define an entity or individual. Identity theft is the unauthorized use of an individual

COMMITTEE OF EXPERTS ON TERRORISM (CODEXTER) CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES UNITED STATES OF AMERICA September 2007 Kapitel 1 www.coe.int/gmt The responses provided below

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM COMMITTEE ON JUDICIARY UNITED STATES SENATE ENTITLED:

WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE

STATEMENT OF ALYSA D. ERICHS SPECIAL AGENT IN CHARGE HOMELAND SECURITY INVESTIGATIONS MIAMI U.S. IMMIGRATION AND CUSTOMS ENFORCEMENT REGARDING A HEARING ON CATCH ME IF YOU CAN: THE IRS IMPERSONATION SCAM

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.

For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,

U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate

www.pwc.fi We believe successful global organisations can confront fraud, corruption and abuse Finland Who are we? Bring a robust forensics team to the table to support your organisation Our practice can

An Overview of Cybersecurity and Cybercrime in Taiwan I. Introduction To strengthen Taiwan's capability to deal with information and communication security issues, the National Information and Communication

Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from

Public Hearing Before the United States Sentencing Commission Panel Two William Wilberforce Trafficking Victims Protection Reauthorization Act of 2008 Tuesday, March 17, 2009 3:45 p.m. 4:45 p.m. Federal

TESTIMONY OF CAROLINE CIRAOLO ACTING ASSISTANT ATTORNEY GENERAL TAX DIVISION U.S. DEPARTMENT OF JUSTICE BEFORE THE COMMITTEE ON FINANCE UNITED STATES SENATE FOR A HEARING CONCERNING TAX SCHEMES AND SCAMS

EY Cyber Security Hacktics Center of Excellence The Cyber Crime Underground Page 2 The Darknet Page 3 What can we find there? Hit men Page 4 What can we find there? Drug dealers Page 5 What can we find

Testimony of Mr. Anish Bhimani On behalf of the Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Committee on Homeland Security United States House of Representatives DHS

Statement for the Record Worldwide Cyber Threats House Permanent Select Committee on Intelligence James R. Clapper Director of National Intelligence September 10, 2015 STATEMENT FOR THE RECORD Worldwide

TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information

STATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U.S. POSTAL SERVICE AND THE CENSUS UNITED STATES HOUSE OF REPRESENTATIVES

New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial

STATEMENT OF JOSEPH DEMAREST ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE HOMELAND SECURITY COMMITTEE SUBCOMMITTEE ON COUNTERTERRORISM AND INTELLIGENCE AND SUBCOMITTEE ON

Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber

This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,

Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government

Cyber Security Laws and Policy Implications of these Laws In an age where so many businesses and systems are reliant on computer systems, there is a large incentive for maintaining the security of their

STATEMENT OF JAMES B. COMEY DIRECTOR FEDERAL BUREAU OF INVESTIGATION BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE AT A HEARING ENTITLED THREATS TO THE HOMELAND

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW TECHNOLOGY AND TELECOM COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the technology and telecommunications

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY DISCLAIMER Views expressed in this presentation are not necessarily those of our respective Departments Any answers to questions are our own opinions

WHITE-COLLAR CRIMES IN CALIFORNIA Although White-Collar Crimes are Non-Violent Offenses They are Criminal Offenses Nonetheless and Can be Punished Just as Harshly as Other, More Well-Known, Crimes; a Basic

WRITTEN TESTIMONY OF JOHN A. KOSKINEN COMMISSIONER INTERNAL REVENUE SERVICE BEFORE THE SENATE FINANCE COMMITTEE ON UNAUTHORIZED ATTEMPTS TO ACCESS TAXPAYER DATA JUNE 2, 2015 Chairman Hatch, Ranking Member

CITY OF TAMPA Bob Buckhorn, Mayor POLICE DEPARTMENT Jane Castor Chief of Police United States Senate Special Committee on Aging Mr. Chairman Members of the Committee On behalf of the City of Tampa, Mayor

OLL0 TH CONGRESS ST SESSION S. ll To secure the United States against cyber attack, to improve communication and collaboration between the private sector and the Federal Government, to enhance American

The FBI and the Internet Special Agent Robert Flaim Federal Bureau of Investigation Presentation Goals To give you a better understanding of: The FBI Cyber Division, its priorities, and its mission The

STATEMENT OF DELARA DERAKHSHANI CONSUMERS UNION BEFORE THE UNITED STATES SENATE COMMITTEE ON THE JUDICIARY ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2013

Cybercrime: an overview of incidents and issues in Canada 2014 HER MAJESTY THE QUEEN IN RIGHT OF CANADA as represented by the Royal Canadian Mounted Police. Cat. no.: PS64-116/2014E-PDF ISBN: 978-1-100-24379-5

Global Security Studies, Summer 2014, Volume 5, Issue 3 Cybersecurity and United States Policy Issues Cristina Berriz Peace, War and Defense Program University of North Carolina at Chapel Hill Chapel Hill,

ileparlment of Justire STATEMENT OF MYTHILI RAMAN ASSISTANT ATTORNEY GENERAL DEPARTMENT OF JUSTICE BEFORE THE COMMITTEE ON THE JUDICIARY UNITED STATES SENATE AT A HEARING ENTITLED "PRIVACY IN THE DIGITAL

PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION Before the OHIO PRIVACY and PUBLIC RECORDS ACCESS STUDY COMMITTEE of the OHIO SENATE and HOUSE OF REPRESENTATIVES on Public Entities, Personal Information,

Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

ELEMENTS OF FINANCIAL CRIMES INVESTIGATIONS This one-day course will provide an officer with the essential investigative foundation to conduct a financial crimes investigation in today s technology driven

ELEMENTS OF FINANCIAL CRIMES INVESTIGATIONS This one-day course will provide an officer with the essential investigative foundation to conduct a financial crimes investigation in today s technology driven

Testimony of Dr. Phyllis Schneck Deputy Under Secretary for Cybersecurity and Communications National Protection and Programs Directorate United States Department of Homeland Security Before the United